1
1
Граф коммитов

682 Коммитов

Автор SHA1 Сообщение Дата
Andreas Schneider
fbfe002460 tests: Check for memory allocation error in torture_pki_ed25519_sign()
CID 1393899

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-06 09:36:47 +02:00
Andreas Schneider
c7525c056c tests: Improve torture_connect_socket()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-06 08:58:27 +02:00
Andreas Schneider
1509693cce tests: null terminate buffer in torture_read_one_line()
CID 1393902

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-06 08:52:42 +02:00
Andreas Schneider
67ef808a95 tests: Add additional NULL check in torture_pki_rsa_write_privkey()
CID 1393904
CID 1393903

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-06 08:50:11 +02:00
Andreas Schneider
aeefcd8199 tests: Initialize readfds in torture_channel_select()
CID 1393905

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-06 08:46:37 +02:00
Andreas Schneider
9bc050d07d tests: Check return code of ssh_pki_import_privkey_base64
CID 1393906

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-06 08:44:28 +02:00
Andreas Schneider
c2776f70c1 tests: Improve test checks
CID 1394620

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-06 08:32:07 +02:00
Anderson Toshiyuki Sasaki
9305762fcd Remove internal calls to ssh_init
Since the call is made automatically when the library is loaded, these
calls are no longer required (if the library is not linked statically).

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-03 16:43:03 +02:00
Anderson Toshiyuki Sasaki
e0e0d62a71 tests: Run thread tests on Windows
When pthreads is available, run the threads tests on Windows

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-03 16:43:03 +02:00
Anderson Toshiyuki Sasaki
708f127788 tests: Add test for RSA PKI running on threads
Run the tests from torture_pki_rsa.c on threads.  Tests requiring files
to be removed are not tested, since they would require the access to
the files to be synchronized.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-03 16:43:03 +02:00
Anderson Toshiyuki Sasaki
dd3d867452 tests: Add test for crypto running on threads
The test run crypto test on multiple threads.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-03 16:43:03 +02:00
Anderson Toshiyuki Sasaki
5443863723 tests: Add test for buffer running on threads
The test run buffer tests on multiple threads.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-03 16:43:03 +02:00
Anderson Toshiyuki Sasaki
edcdef94ee tests: Add test for init running on threads
The test runs ssh_init()/ssh_finalize() on multiple threads.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-03 16:43:03 +02:00
Anderson Toshiyuki Sasaki
83b43443e5 threads: Automatically call ssh_init on load
This makes unnecessary to call ssh_init() when the library is
dynamically loaded.  Also removes the threads shared library.  The used
threads implementation is chosen in configuration time, changing the
ssh_threads_get_default() depending on the available threads library.

Internally, it is expected a threads implementation providing:

- void ssh_mutex_lock(void **mutex);
- void ssh_mutex_unlock(void **mutex);
- struct ssh_threads_callbacks_struct *ssh_threads_get_default(void);

and a crypto implementation providing:

- int crypto_thread_init(struct ssh_threads_callbacks_struct *user_callbacks);
- void crypto_thread_finalize(void);

This adds internal threads implementation for pthreads and noop.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-03 16:43:03 +02:00
Jakub Jelen
25407209b0 pkd: Add missing ECDH mechanisms + whitespace cleanup
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-01 16:05:12 +02:00
Jakub Jelen
0e886ba803 pkd: Support ed25519 host keys in server
This adds support for the ed25519 keys in the pkd framework and adds
openssh-only tests utilizing these host keys (dropbear does not support
them yet).

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-01 16:04:40 +02:00
Jakub Jelen
ed738bee34 test: Fix text labels (copy & paste error)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-01 16:03:17 +02:00
Andreas Schneider
afa4021ded tests: Add umask() around mkstemp()
CID 1391450

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-07 11:38:59 +02:00
Andreas Schneider
c425082394 tests: Fix errno check in pkd
CID 1393877

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-07 11:35:00 +02:00
Andreas Schneider
c866768da4 torture_pki_dsa: Improve torture_pki_dsa_publickey_base64
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-05 13:15:14 +02:00
Andreas Schneider
c503bb572e crytpo: Make sure we check return of ssh_get_random() correctly
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-05 12:12:14 +02:00
Jakub Jelen
8e211c0689 tests: Verify various host keys can be successfully negotiated and verified
This verifies that all the supported host keys can be used and
verified by the client, including the SHA2 extension in RFC 8332.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-04 07:52:50 +02:00
Andreas Schneider
3141dec632 known_hosts: Remove deprecated ssh_knownhosts_algorithms()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-03 15:08:40 +02:00
Andreas Schneider
539d7ba249 kex: Use ssh_known_hosts_get_algorithms()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-03 15:08:40 +02:00
Andreas Schneider
83a46c7756 tests: Add knownhosts test for detecting conflics
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-03 15:08:40 +02:00
Andreas Schneider
de44fdfd35 tests: Add knownhosts test for SSH_KNOWN_HOSTS_UNKNOWN
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-03 15:08:40 +02:00
Andreas Schneider
65a5154eff tests: Add knownhosts test for SSH_KNOWN_HOSTS_OTHER
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-03 15:08:40 +02:00
Andreas Schneider
613dcc95e6 knownhosts: Fix return codes
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-03 15:08:40 +02:00
Andreas Schneider
77e1761734 tests: Add client test for ssh_known_hosts_get_algorithms()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-03 15:08:40 +02:00
Andreas Schneider
e73ae60e1a tests: Use assert_ssh_return_code() in client tests
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-03 07:45:51 +02:00
Andreas Schneider
b4462bdea0 tests: Use assert_ssh_return_code() in torture_algorithms
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-07-02 08:03:20 +02:00
Andreas Schneider
f4408f38a3 torture: Give sshd at least 100ms to start.
This should avoid some 'No route to host' errors.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-30 15:27:09 +02:00
Andreas Schneider
c98b00a5f4 log: Make global variables static
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-30 14:37:04 +02:00
Andreas Schneider
f425ebb098 tests: Use new assert ssh return code macros in torture_connect
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-30 14:37:04 +02:00
Andreas Schneider
f6284eafd6 torture: Add assert macros for ssh return codes
This allows us to print errors from ssh sessions.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-30 14:37:04 +02:00
Tilo Eckert
a2a6dddacf tests: adjust test for kex string "curve25519"
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 15:57:57 +02:00
Tilo Eckert
a366bb3b45 tests: add pkd tests for kex curve25519
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 15:57:51 +02:00
Tilo Eckert
a4a6017e6e tests: add algorithm tests for kex curve25519
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 15:57:45 +02:00
Andreas Schneider
206f3ff895 Rest in Peace SSHv1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-06-29 14:41:14 +02:00
Andreas Schneider
10728f8577 cmake: Disable torture_packet on Windows
The test uses socketpair().

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 10:57:36 +02:00
Andreas Schneider
d971983d5e cmake: Add SERVER_TESTING option
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 10:49:14 +02:00
Andreas Schneider
946f8f64ef cmake: Rename WITH_CLIENT_TESTING option to CLIENT_TESTING
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 10:32:07 +02:00
Andreas Schneider
84ac7d1de0 cmake: Rename WITH_TESTING option to UNIT_TESTING
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 10:31:53 +02:00
Andreas Schneider
f4ddf9df53 tests: Fix key parsing in torture_pki_dsa_publickey_base64
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 10:05:06 +02:00
Andreas Schneider
d7477dc745 tests: Remove system includes from torture_packet
This fixes the build on Windows. Those come in via the include of
socket.c anyway.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 09:35:54 +02:00
Andreas Schneider
1444ae5add pki: Fix random memory corruption
Fixes T78

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 09:30:59 +02:00
Andreas Schneider
aa95eb1965 tests: Move CHACHA20 define out of HAVE_DSA ifdef
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 09:08:07 +02:00
Jon Simons
f827833d82 tests: fix torture_packet.c test_data
Make the `test_data` larger so that tests do not read beyond
its length.  Observed in testing with an `-fsanitize=address`
build locally.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Jon Simons
6f38e0b771 pkd: move chacha20-poly1305@openssh.com tests to OPENSSHONLY section
Dropbear does not currently implement the 'chacha20-poly1305@openssh.com'
cipher, so move it into the OPENSSHONLY suite.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Jon Simons
622ff855f5 pkd: add passes for chacha20-poly1305@openssh.com cipher
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Alberto Aguirre
26734a547a torture_packet: Set encryption/decryption keys
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Aris Adamantiadis
23accdde1a tests: send more packets of various sizes
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Aris Adamantiadis
321ec2cb1c tests: packet encryption unit testing
That code is really ugly, but it wasn't meant to be modular at all in the
first place.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Aris Adamantiadis
27711f6a4c tests: test for chacha20-poly1305@openssh.com
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Andreas Schneider
c4f3bf4ffa torture: Remove unused variable
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:05:58 +02:00
Andreas Schneider
c563ed636a Remove vim modelines from all files
If you want modelines use my vim plugin:
https://github.com/cryptomilk/git-modeline.vim

git config --add vim.modeline "ts=4 sw=4 et"

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 08:41:08 +02:00
Andreas Schneider
f3de2974a9 tests: Disable ssh_is_ipaddr("255.255.255") on Win32
Till we get the issue fixed in Wine.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 08:36:54 +02:00
Andreas Schneider
1b8ce5a6ed tests: Workaround for a Wine bug
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 08:27:08 +02:00
Jon Simons
deb7630c67 pkd: log but ignore ungraceful client disconnects
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:38:35 -07:00
Jon Simons
cbd9569b99 pkd: move hmac-sha2-256 to OpenSSH-only lists
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:52:32 -07:00
Jon Simons
a45a04ff4d pkd: omit -v for dbclient by default
The `-v` is only recognized by `dbclient` when dropbear is built
in its DEBUG_TRACE mode.  Omit that flag by default to avoid a
warning log emitted to stderr.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:42:57 -07:00
Jon Simons
7aa496d844 pkd: remove blowfish-cbc cipher passes
Support for the `blowfish-cbc` cipher has been removed from OpenSSH
as of version 7.6.  Remove this cipher from the pkd tests so that
the tests will pass together with a modern OpenSSH client.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:42:51 -07:00
Jon Simons
bf10a66b5d pkd: emit error message for OpenSSH clients < 7.0
Emit a friendly error message for OpenSSH clients older than
7.0.  Some of the recent pkd changes now require a modern
client to support some newer config options.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:42:43 -07:00
Jon Simons
adc817cf13 pkd: specify PubkeyAcceptedTypes for OpenSSH client
As of OpenSSH 6.9, support for `ssh-dss` user keys is disabled by default
at runtime.  Specify an explicit `-o PubkeyAcceptedKeyTYpes` in the pkd
tests to explicitly enable each user key type being tested, including
`ssh-dss`.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:42:37 -07:00
Jon Simons
787a649390 pkd: specify HostKeyAlgorithms for OpenSSH client
As of OpenSSH 6.9, support for `ssh-dss` host keys is disabled by default
at runtime.  Specify an explicit `-o HostKeyAlgorithms` in the pkd tests
to explicitly enable each host key type being tested, including `ssh-dss`.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:42:33 -07:00
Jon Simons
54690e6cdd pkd: run with SOCKET_WRAPPER_LIBRARY
Use the socket_wrapper preload shim when running the `pkd_hello`
test with `make test`.  The end goal here is to get this test
running alongside normal tests in regular CI.  Changes to do
this:

 * Configure PKD_ENVIRONMENT for the `pkd_hello_i1` test in the
   CMakeLists.txt file.

 * Add a `--socket-wrapper-dir|-w` flag that is used to opt-in to
   initializing a SOCKET_WRAPPER_DIR as expected by the socket_wrapper
   library.

   A runtime flag is used here to make it easy to run `pkd_hello`
   with the socket_wrapper library while avoiding a hard dependency.

Testing done: observed socker_wrapper in effect with `strace`;
running `make test` uses the wrapper correctly on my local
machine.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:41:10 -07:00
Jon Simons
4e3fb81172 pkd: add_test pkd_hello_i1 for make test
Add an entry for a `pkd_hello_i1` test which runs one iteration
through each of the pkd algorithm combinations.

Testing done: now `make test` will run `pkd_hello -i1` which
completes in ~25 seconds on my local machine.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:41:02 -07:00
Jon Simons
6273c409e3 pkd: fix missing config.h #include
Ensure to include config.h so that the `HAVE_DSA` value is properly set
when building the pkd tests.

Introduced with 778652460f,

Testing done: with this change, the `pkd_hello` test is passing on an
OpenSSL 1.1.0 build for me.  Previously it would fail pubkey exchange
early on for DSA- and ECDSA-type host keys.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:25:36 +02:00
Jon Simons
732818ebb2 tests: fix -Wunused-function warning in torture_pki_ecdsa.c
Wrap some function definitions with `HAVE_LIBCRYPTO` ifdefs to
match their usages in `torture_run_tests`.

Fixes this warning I observe when building locally:

    torture_pki_ecdsa.c:341:13: warning:
         ‘torture_pki_ecdsa_write_privkey’ defined but not used
         [-Wunused-function]

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:25:30 +02:00
Andreas Schneider
6c97122120 torture: Don't exclude filter mechanism on Windows
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 10:51:45 +02:00
Andreas Schneider
0dd33d8ed1 torture: Don't include sys/socket.h on Windows
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 10:44:31 +02:00
Andreas Schneider
e880cafed0 tests: Call ssh_session_is_known_server()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 09:45:35 +02:00
Andreas Schneider
b74a184172 torture: Fix building on Windows
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 09:45:35 +02:00
Andreas Schneider
03b05c8a5e tests: Add missing newline to KNOWN_HOST_ENTRY_ED25519
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-05 14:42:21 +02:00
Andreas Schneider
9e4f9a26d4 tests: Allow knownhosts verify test to validate ed25519 and ecdsa
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-05 10:50:59 +02:00
Andreas Schneider
a209f928d2 kwonhosts: Add functions to check if servers public key is known
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 11:20:28 +02:00
Andreas Schneider
974e1831a0 knownhosts: Add ssh_session_export_known_hosts_entry()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 11:20:28 +02:00
Andreas Schneider
963c46e4fb knownhosts: Add ssh_session_has_known_hosts_entry()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 11:20:28 +02:00
Andreas Schneider
32c49ea134 misc: Add ssh_list_count()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 11:20:28 +02:00
Andreas Schneider
a465ea2d49 knownhosts: Add ssh_known_hosts_read_entries()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 11:20:28 +02:00
Andreas Schneider
702e9e8ad5 knownhosts: Introduce new known hosts managing functions
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 11:20:28 +02:00
Andreas Schneider
250bf37a28 tortrue: Add ed25519 hostkey to sshd
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 11:20:28 +02:00
Andreas Schneider
bcaeaf17af tests: Fix size for bob_ssh_cert
Fixes a gcc8 warning.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-04 11:12:36 +02:00
Andreas Schneider
f1ff9ae00c torture: Increase wait time for process termination to 10ms
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-07 21:01:05 +02:00
Andreas Schneider
72f6b34dbc tests: We should only init and finalize libssh once
This should fix a segfault with gcrypt.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-05-07 08:33:32 +02:00
Andreas Schneider
816234350d pki: Fix duplicating ed25519 public keys
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-25 16:25:32 +02:00
Nikos Mavrogiannopoulos
f3a19d8c96 torture_path_expand_tilde_unix: use getpwuid() if no env variables
This allows operating under environments where the username variables
are not present.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-17 17:59:14 +02:00
Andreas Schneider
6026fc8036 cmake: Fix libfuzzer linking with clang6
This is always available using -fsanitize=fuzzer now.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-04-10 11:13:57 +02:00
Andreas Schneider
467d78a442 tests: Fix mixed code compiler warning in torture_rand
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21 20:41:16 +01:00
Andreas Schneider
a4aeee972c torture: Increase wait time for the sshd process to exit
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-21 20:40:04 +01:00
Alberto Aguirre
dd20253fec tests: fix OSX build errors when enabling tests
Fix OSX build error about embedding a directive within macro arguments.
Apparently, snprintf is implemented as a macro on that platform.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-11 22:54:47 +01:00
Juraj Vijtiuk
d11869bdb6 pki: Add mbedTLS ECDSA key comparison support
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-03-07 15:44:05 +01:00
jvijtiuk
963111b836 tests: Fix segfault with mbedTLS built without threading support
torture_rand and torture_server_x11 call ssh_init without checking
the return value. If mbedTLS is built without threading support
ssh_init fails but the tests continue and then segfault since threading
wasn't correctly initialised.

Add a section that documents requirements for mbedTLS usage in a
multi threaded environment to README.mbedtls.

Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12 20:05:49 +01:00
Andreas Schneider
25ff1214a4 cmake: Build ssh_server_fuzzer if enabled
Fixes T67

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-04 11:52:45 +01:00
Alex Gaynor
d84b0926f0 tests: Added a fuzzer for the server
Fixes T67

Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
2018-02-04 11:51:58 +01:00
Andreas Schneider
e9073a6bdb torture_pki_ed25519: Add tests for private key with passphrase
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
9086d5ca33 torture_pki_ecdsa: Add tests for private key with passphrase
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
3c65057fad torture_key: Add ecdsa keys with passphrase
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
f9b1dece41 torture_pki_dsa: Add tests for private key with passphrase
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
f7a2330de7 torture_pki_rsa: Add tests for private key with passphrase
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
67b8f3d6df pki_crypto: Fix private key generation with password
We need to specify a cipher when we generate a key with a password.
OpenSSH uses aes_128_cbc, so we should use the same.

Thanks to Julian Lunz for the report.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
b0af812710 tests: Move torture keys to own file
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
d13a17a27c cmake: Move ed25519 tests into unix part
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
ddfc36aa56 tests: Move rsa tests to own test file
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
a5997d180d tests: Remove obsolete setup_both_keys()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
51875db70c tests: Move ed25519 functions to the right file
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
5ad7da7fd2 tests: Move ecdsa tests to own test file
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:27:52 +01:00
Andreas Schneider
59308bc269 tests: Move dsa tests to own test file
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:27:52 +01:00
Andreas Schneider
fd2ef07f37 tests: Move helper functions to a common file
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:24:11 +01:00
Andreas Schneider
37acd3eca8 torture: Give sshd more time to start up
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:24:11 +01:00
Andreas Schneider
cc13e85202 tests: Fix torture_pki with libcrypto
This stops asking for a passphrase on commandline.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-04 15:35:37 +01:00
Juraj Vijtiuk
778652460f add mbedtls crypto support
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh.
mbedTLS is an SSL/TLS library that has been designed to mainly be used
in embedded systems.  It is loosely coupled and has a low memory
footprint.  mbedTLS also provides a cryptography library (libmbedcrypto)
that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to
be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or
suggestions appear, I'm willing to work on them.

Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>

Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with
libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind
tools.
* The examples/samplessh client works when built with the patch.

Reviewers: asn, aris

Subscribers: simonsj

Differential Revision: https://bugs.libssh.org/D1
2017-12-28 11:17:39 +01:00
Jakub Jelen
176b92a4f4 tests/client/algorithms: Respect global verbosity settings
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 11:43:19 +01:00
Jakub Jelen
afc6a4e973 tests/config: Verify LogLevel from config is applied
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 11:43:19 +01:00
Jakub Jelen
53d84abb17 tests/config: Newly parsed options
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 11:43:19 +01:00
Jakub Jelen
dab8985c05 tests/config: Enable and disable authentication methods
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 11:43:19 +01:00
Jakub Jelen
0bd6ccc066 tests/config: Verify known_hosts files are applied
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 11:43:19 +01:00
Jakub Jelen
5c7b8802f2 tests: HostkeyAlgorithms passed from config to options
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 11:43:19 +01:00
Jakub Jelen
b8e301ade3 config: Add CMake check for glob() 2017-12-21 11:43:19 +01:00
NoName115
99c5160cb5 config: glob support for include with test
Signed-off-by: NoName115 <robert.kolcun@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-21 11:43:14 +01:00
Jakub Jelen
110da49504 config: support for MACs
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 12:00:49 +01:00
Jakub Jelen
f3754dc072 tests/config: Text KexAlgorithms parsing in ssh_config
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 12:00:49 +01:00
Jakub Jelen
78a3ab2eaa tests/options: Verify key exchange algorithms are set properly
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 12:00:49 +01:00
Aris Adamantiadis
f818e63f8f Add new options
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 12:00:49 +01:00
Jakub Jelen
094aa5eb02 tests: Temporarily build chroot_wrapper 2017-12-15 12:00:49 +01:00
Jakub Jelen
5d3ab421e1 tests: Do not generate pcap file by default
pcap file is generated by the processes writing to the sockets,
which is not allowed for privilege-separated process in new
OpenSSH servers (confined by seccomp filter).

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 12:00:49 +01:00
Jakub Jelen
f8f7989c3d tests: Give server more time to start
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-15 12:00:49 +01:00
Jakub Jelen
b92c499626 tests: Do not test blowfish ciphers with OpenSSH 7.6 and newer 2017-12-15 11:59:19 +01:00
Andreas Schneider
7a65f7f028 test: ssh_userauth_kbdint_setanswer() does not network interaction
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-11-09 15:35:22 +01:00
Jon Simons
9d79b7629c torture_algorithms: deduplicate kex method passes
Summary: Signed-off-by: Jon Simons <jon@jonsimons.org>

Test Plan:  * Re-ran the `torture_algorithms` test.

Reviewers: asn

Tags: #libssh

Differential Revision: https://bugs.libssh.org/D8
2017-10-29 15:50:09 +01:00
Andreas Schneider
f0ddde4826 Fix config.h includes
We need stdlib.h and string.h in priv.h for free() and memset().

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-10-28 14:31:37 +02:00
Jon Simons
9003f92e8f pkd_daemon.c: force close pkd_state.server_fd upon stop
There's a race window between the accept loop's call to
accept(2) and it checking `ctx.keep_going`.  Forcefully
close the server socket such that any raced `accept` ends
up failing.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 16:31:01 +02:00
Jon Simons
8d7563a9c3 pkd_daemon.c: split final close loop; wait for client to close
Sometimes, but not always, the pkd tests will fail because they
close the socket at hand a bit too early for the client.  The
client in turn may exit non-zero when that happens.

Split up the final close loop so that pkd waits to receive a
channel close from the client, and then socket close, before
finally returning.

With this change I observe that tests are now passing in
environments that would previously tickle the above race
and fail.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 16:30:54 +02:00
Jon Simons
4c4a03f056 pkd_hello.c: fix return code upon test failure
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-09-11 16:30:45 +02:00
Jon Simons
1c9eb4dfb9 config: fix memory leak with repeated opcodes
Fix a memory leak in the path where parsing returns early due
to seeing a repeated opcode.  A testcase is added which
demonstrates the leak and fix with valgrind.

Resolves CID 1374267.

Signed-off-by: Jon Simons <jon@jonsimons.org>
2017-09-11 16:26:41 +02:00
Jon Simons
7204d2f485 ecdh: enable ecdh_sha2_nistp{384,521} kex methods
Summary:
Based on Dirkjan's original patch series here:

 * https://www.libssh.org/archive/libssh/2015-08/0000029.html

Here the changes are adapted for the current master
branch, and expanded to include libgcrypt support.

Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com>
Signed-off-by: Jon Simons <jon@jonsimons.org>

Test Plan:
 * Ran pkd tests for libcrypto and libgcrypt builds.
 * Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
 * Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").

Reviewers: aris, asn

Reviewed By: asn

Tags: #libssh

Differential Revision: https://bugs.libssh.org/D7
2017-08-24 18:19:25 +02:00
Jon Simons
6252aab88a ecdh: enable ecdh_sha2_nistp{384,521} kex methods
Summary:
Based on Dirkjan's original patch series here:

 * https://www.libssh.org/archive/libssh/2015-08/0000029.html

Here the changes are adapted for the current master
branch, and expanded to include libgcrypt support.

Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com>
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

Test Plan:
 * Ran pkd tests for libcrypto and libgcrypt builds.
 * Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
 * Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").

Reviewers: aris, asn

Tags: #libssh

Differential Revision: https://bugs.libssh.org/D7
2017-08-24 18:18:41 +02:00
Nikos Mavrogiannopoulos
316ee071cf torture_options: test the setting of ciphers and MACs
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-24 18:01:41 +02:00
Nikos Mavrogiannopoulos
efb7635162 tests: added unit test on including config files
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-08-24 15:57:19 +02:00
Jon Simons
a4dc74064c tests: plug leak in torture_bind_options_import_key
Summary:
Hello, this is a resend for a quick memory leak fix for one of the unit
tests, originally sent to the mailing list here:

 * https://www.libssh.org/archive/libssh/2017-07/0000017.html

Test Plan:
 * Before the fix and running the test with valgrind:

```
[simonsj@simonsj-lx5 : unittests] valgrind --leak-check=full ./torture_options >/dev/null
==93134== Memcheck, a memory error detector
==93134== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==93134== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==93134== Command: ./torture_options
==93134==
[  PASSED  ] 10 test(s).
[  PASSED  ] 1 test(s).
==93134==
==93134== HEAP SUMMARY:
==93134==     in use at exit: 80 bytes in 1 blocks
==93134==   total heap usage: 977 allocs, 976 frees, 75,029 bytes allocated
==93134==
==93134== 80 bytes in 1 blocks are definitely lost in loss record 1 of 1
==93134==    at 0x4C28C20: malloc (vg_replace_malloc.c:296)
==93134==    by 0x41BAB0: ssh_key_new (pki.c:107)
==93134==    by 0x40DF90: torture_bind_options_import_key (torture_options.c:222)
==93134==    by 0x4E3AA3A: cmocka_run_one_test_or_fixture (cmocka.c:2304)
==93134==    by 0x4E3ACEA: cmocka_run_one_tests (cmocka.c:2412)
==93134==    by 0x4E3B036: _cmocka_run_group_tests (cmocka.c:2517)
==93134==    by 0x40E9E3: torture_run_tests (torture_options.c:276)
==93134==    by 0x40DE68: main (torture.c:1100)
==93134==
==93134== LEAK SUMMARY:
==93134==    definitely lost: 80 bytes in 1 blocks
==93134==    indirectly lost: 0 bytes in 0 blocks
==93134==      possibly lost: 0 bytes in 0 blocks
==93134==    still reachable: 0 bytes in 0 blocks
==93134==         suppressed: 0 bytes in 0 blocks
==93134==
==93134== For counts of detected and suppressed errors, rerun with: -v
==93134== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
```

 * And after:

```
[simonsj@simonsj-lx5 : unittests] valgrind --leak-check=full ./torture_options >/dev/null
==93294== Memcheck, a memory error detector
==93294== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==93294== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==93294== Command: ./torture_options
==93294==
[  PASSED  ] 10 test(s).
[  PASSED  ] 1 test(s).
==93294==
==93294== HEAP SUMMARY:
==93294==     in use at exit: 0 bytes in 0 blocks
==93294==   total heap usage: 977 allocs, 977 frees, 75,029 bytes allocated
==93294==
==93294== All heap blocks were freed -- no leaks are possible
==93294==
==93294== For counts of detected and suppressed errors, rerun with: -v
==93294== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
```

Reviewers: asn

Reviewed By: asn

Differential Revision: https://bugs.libssh.org/D3
2017-08-17 09:33:13 +02:00
Jon Simons
fa86229673 pkd: a few improvements and fixups
Summary:
Hello, resending this patch series for the `pkd` tests, originally
sent to the mailing list here:

 *  https://www.libssh.org/archive/libssh/2017-07/0000011.html

Here are a few improvements and fixups for the `pkd` tests, including
a new flag `-m` that can be used to run only certain subsets of the
test passes.

Jon Simons (5):
  pkd: rename AES192 cipher suite -> OPENSSHONLY
  pkd_daemon.c: mark `pkd_ready` field as volatile
  pkd: fixups for updated CMocka CMUnitTest struct
  pkd: refactor -t testname lookup-by-name
  pkd: support -m to match multiple tests

 tests/pkd/pkd_daemon.c |  2 +-
 tests/pkd/pkd_daemon.h |  1 +
 tests/pkd/pkd_hello.c  | 84 +++++++++++++++++++++++++++++++++-----------------
 3 files changed, 58 insertions(+), 29 deletions(-)

--

Test Plan:
 * I've been using the new `-m` mode locally for a long time to run
   only certain groups of tests.

 * The CMocka struct fixes can be seen in the pkd output before and
   after: after, there are no more extraneous test output strings.

 * The fix for the `pkd_ready` field can be observed when building
   the libssh tests with `-Os` on a Debian system (before the fix,
   pkd would hang, after the fix, it runs as intended).

Reviewers: asn

Reviewed By: asn

Tags: #libssh

Differential Revision: https://bugs.libssh.org/D2
2017-08-17 09:24:19 +02:00
Jon Simons
380390c4b6 misc: relax fatal errors in ssh_analyze_banner
Relax the cases where `ssh_analyze_banner` fails to extract a
major and minor version from banners which appear like OpenSSH
banners.

Update the tests to demonstrate that now a banner as might be
sent by `ssh-keyscan(1)` ("SSH-2.0-OpenSSH-keyscan") no longer
returns failure.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-07-18 09:32:31 +02:00
Andreas Schneider
d9ff44b46e tests: Fix endif
Ups.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-07-14 08:53:15 +02:00
Andreas Schneider
c480ac8522 tests: Only run ssh_bind test if we build with server support
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2017-07-14 08:52:08 +02:00
Jon Simons
a89a67e008 misc: fix error-checking in ssh_analyze_banner
Fix error-checking for `strtoul` in `ssh_analyze_banner`, and
enable some tests which demonstrate the fix before-and-after.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-07-13 19:35:34 +02:00
Jon Simons
14d8e940e6 tests: torture-misc: add torture_ssh_analyze_banner
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-07-13 19:32:58 +02:00
Jon Simons
effd7ba13c tests: torture-misc: fix 4-space indentation
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-07-13 19:32:35 +02:00
Aris Adamantiadis
b0c2ca1b66 tests: fix buffer overflow in testcase 2017-06-07 18:49:56 +02:00
Alfredo Mazzinghi
9dc650b7fb server: Add option SSH_BIND_OPTIONS_IMPORT_KEY to server
This sets the bind private key directly from an ssh_key struct instead
of reading a file.

Signed-off-by: Alfredo Mazzinghi <am2419@cl.cam.ac.uk>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-04-11 10:00:13 +02:00
Andreas Schneider
f8ef200e76 tests: Fix session management of torture_knownhosts
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-11-08 08:16:20 +01:00